workflow-review
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process user prompts as context for the `/workflow-start review` command. This architecture represents a surface for indirect prompt injection, where instructions embedded in the user's data (such as the code to be reviewed) could attempt to influence the agent's behavior during the workflow.
  - Ingestion points: User input is passed as context to the `/workflow-start` command in `SKILL.md`.
  - Boundary markers: None present in the skill instructions to delimit user data from agent instructions.
  - Capability inventory: The skill triggers a sequence of internal commands including `/code-review`, `/watzup`, and `/workflow-end`.
  - Sanitization: No explicit sanitization or validation of the user context is defined within the skill file.
Audit Metadata